package com.weiyan.blog.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

/**
 * @author misterWei
 * @create 2020年01月20号:20点31分
 * @mailbox mynameisweiyan@gmail.com
 *
 * 资源控制管理器  由于是网关统一转发微服务,所以配置多个资源配置
 */
@Configuration
public class ResourceServerConfig{

    private static final String RESOURCE_ID_1="rid"; //资源列表标识符号,必须和认证管理器 中保持一致
    private static final String RESOURCE_ID_2="wid"; //资源列表标识符号,必须和认证管理器 中保持一致

    @Autowired
    private TokenStore tokenStore;

    @Qualifier("customAccessDeniedHandler")
    @Autowired
    private AccessDeniedHandler accessDeniedHandler;

    @Qualifier("authExceptionEntryPoint")
    @Autowired
    private AuthenticationEntryPoint authExceptionEntryPoint;

    @Configuration
    @EnableResourceServer
    public class BlogIndexServerConfig extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId(RESOURCE_ID_1)
                    .tokenStore(tokenStore)
                    .authenticationEntryPoint(authExceptionEntryPoint)
                    .accessDeniedHandler(accessDeniedHandler)
                    .stateless(true); //无状态开启
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests()
                        //此处表明 那个路径下需要那些客户端权限
                    .antMatchers("/blog-index/**").access("#oauth2.hasAnyScope('read')")
                    .and().csrf().disable()
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }

    }


    @Configuration
    @EnableResourceServer
    public class BlogOAServerConfig extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId(RESOURCE_ID_2)
                    .tokenStore(tokenStore)
                    .stateless(true); //无状态开启
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .antMatchers("/oa*").access("#oauth2.hasAnyScope('write')")
                    .and().csrf().disable()
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }

    }
}


